Educating the world

I’ve recently done a project that uses load balancing. mod_proxy is a blog for another day but it was based on a LAMP stack. I install this all the time for lots of different projects. Some are development projects and some are just system administration projects.

My desktop of choice is Windows. I hate it slightly less than I hate MacOS, so I’m going to be installing my LAMP stack inside a virtual machine.

Give the virtual machine a name. You can give it the name of the operating system or the project you will be working on.

Select Linux as the operating system.

CentOS wasn’t in the list so I just selected Other Linux; I don’t think this does anything.

Click Next, to configure the Memory.

There is 6GB in my PC so I’ll give 1024MB to the virtual machine. You can change this later if you like.

Click Next, to configure the Virtual Hard Disk.

Accept the defaults to create new hard disk.

Click Next, to start the virtual disk creation wizard.

Select VDI (Virtual Disk Image) and click Next.

Select Dynamically allocated because it creates a smaller file, which helps with housekeeping and backups at the cost of a small amount of speed each time the hard disk needs to grow. You’ll only really notice this at the beginning when you’re installing everything, but once you’re done you’ll find that it hardly grows after that.

You can leave the hard disk name the same as the operating system.

CentOS should install in a couple of gigabytes so accept the default of 8GB. The file won’t be 8GB straight away.

Select Next, then Create and then Create again.

The virtual machine’s creation should be instant. We’ll tweak a few settings and install our guest operating system.

Click the Settings button.

Select the System tab.

No one has a floppy disk drive anymore so switching it off will speed up your boot slightly. Uncheck Floppy and move it to the bottom of the list.

Select the Network tab and change the Attached to setting to Bridged Adapter. This will allow you to pick up a real network address from the DHCP server which makes testing easier.

The right hand panel will change so click the CD-ROM icon on the far right to open the file selector.

Select Choose a virtual CD/DVD disk file and navigate to your ISO image and open it up.

Click Ok to close the Settings panel.

Right, off we go. Click Start and read the popup boxes and click your way through them. VirtualBox will launch the virtual machine and will attempt to boot from the ISO image we gave it earlier. You will start to see the CentOS installation happening in a new window that’ll open up.

Press Return to install in graphical mode.

Don’t bother checking the CD media because it’s really just a file and so won’t suffer from any corruption, hopefully! So select Skip.

The virtual machine will think about it for a second and then launch the installation application in X-windows.

Select your language and keyboard country. If you are English then select United Kingdom.

Your virtual disk has not been partitioned or formatted and the installer notices. So click Yes and accept the defaults.

Select the defaults for Network Devices.

Select your location for the timezone.

Enter your Root password. If the virtual machine is going to be on the internet then choose your password carefully. If it’s just a test system then just choose something simple and small!

The next screen allows you to select an installation profile. I’m going to be just doing PHP development so don’t need to bother with all sorts of desktop applications like Open Office etc. I do want web servers and networking tools. Select Server - GUI.

Select Customise now and then Next. We’re going to speed up the installation by not installing a load of stuff.

Under Applications unselect most of them except the editors.

Under Development make sure you select the Development Libraries and Development Tools.

Under Servers make sure you explicitly check MySQL Database.

Open the Web Server and explicitly set php-mysql.

Under Base System -> System Tools, explicitly select tn (telnet is a handy connection tester) and Wireshark (for packet sniffing).

Under Languages select your country support.

Click Next and Next again to start the install.

4 minutes later you can click the Reboot button.

When the virtual PC reboots it puts you in the platform configuration screens. Click Forward.

If you’re not on the internet, make life simple and switch off the Firewall and SELinux.
You don’t need Kdump either.

Create yourself a User.

It’s nice to have a bit of sound so test that.

Click Finish and reboot.

When the virtual machine reboots stop it so we can change the boot order. We don’t want to boot from CD every time.

Click Settings -> System

Move Hard Disk to above CD/DVD ROM.

Then click OK.

Next click the Start button, to boot the virtual machine.

You will be booted to the X-Windows login prompt.

Login as the root user.

Open a terminal window; it’s under Application -> Terminal.

We want Apache and MySQL to start when the virtual machine boots into multi-user mode (runlevel 3).

Now that you have a fresh clean system it’s a good idea to create a clone. We can use this clone to create clean copies for other projects without having to go through all the hassle of installing the operating system. We’ll have to shut down the virtual machine, so from the command line type:

Give it a name ending in “clean” so you know this one shouldn’t be touched.

The first question VirtualBox asks is whether you want to reinitialise the MAC address on the network cards. The MAC address is the physical network address so if you want to run multiple clones at the same time then you’ll have to do this reinitialise step. Otherwise you could be in a world of IP address conflicts as both clones will appear to be the same machine. So do a Full Clone to keep it safe.

My installation was about 3GB so it took a few seconds to copy all the data to make the clone.

If you download Firefox from the main download page, the site doesn’t detect that you are British. You get the standard American download. The result of this is that web sites detect your locale from your browser and then lay out internationalised content using this detection.

When we started using CIPHR we found that everyone using Firefox was being shown their dates in the wrong (American) order.

Firefox by default installs the languages English (en) and English U.S. (en-us) but not English GB (en-gb).

So from within the menu in Firefox, select Tools -> Options -> Content Tab.

From the Languages section select Choose.

From the Select a language to add drop down select English/United Kingdom [en-gb].

Click Add.

Use the Move Up / Move Down to position en-gb at the top of the preferences.

Click OK to finish.

You may have to refresh the page but you shouldn’t have to restart Firefox.

I hadn’t used my Cisco ASDM 5.2 for ASA for a while and when I needed to add a couple of extra users to the VPN it didn’t work.
Everything seemed to load in ok but when I tried to submit my login credentials it hung. I loaded the Java console and got the following exception when I tried to authenticate.

The problem is caused by Cisco ASDM 5.2 requiring Java 6. In spite of having Java 6 and 7 installed, the Cisco software doesn’t know the difference and just accepts the first installation as being the only installation. Version 7 comes first and so the Cisco software tries to use it.

Sun have a couple of internal classes that only Sun are supposed to use because they might change without warning. Lo and behold, they did! X509TrustManagerImpl no longer has the same interface as X509ExtendedTrustManager and so we get a ClassCastException.

In order to work around the problem we must launch the Cisco ASDM 5.2 from an environment where it only knows about Java 6.

Create a file called asdm-launcher.bat and place it into C:\Program Files (x86)\Cisco Systems\ASDM. Use your favourite text editor and add the following to the file:

There is a file called "C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.conf" which contains instructions to launch the Java Virtual Machine (JVM) with certain parameters but I couldn’t get it to pick up a different version of Java. So if anyone knows what goes into that file so that we don’t need a hacked up batch file then let us know in the comments.

I always need to remember the special HTML entity codes for characters. Many blogging applications re-render the characters to make them more readable but when you want to cut and paste the text it’s all wrong. The best example of this is double quotes. If I write

echo "hello world"

into the article body, after rendering it comes out as:

echo “hello world”

This is fine for standard text but if you are writing computer code it’s useless. Try cutting and pasting the above 2 examples into a unix command shell. You will get

hello world

and

“hello world”

respectively.

There are thousands of web sites where they publish what all these codes are and most of them are a bit rubbish. I came across this on Steve DeGraeve’s site which is one of the better ones. I thought I’d blog it so I don’t lose it in the melee of similar pages returned by Google’s search.

From time to time I need to allow one user to log into another machine without being prompted for a password. This is extremely useful for anything that is automated, for example a nightly backup that copies files across the network or runs commands on other machines. ssh is the program that lets you log in over an encrypted channel, but it doesn’t allow you to specify the password on the command line as it would be a huge security risk.

We are going to set up a relationship between 2 computers using a public/private key pair. For the example below we’ll use 2 machines called william and catherine.

Ensure you have OpenSSH installed:

yum install openssh

Open a command line session on william.

To make life a little easier for ourselves login to catherine using ssh, accept the key fingerprint and then exit straight away.

This will set up the ~/.ssh folder with the correct permissions and also will create a file in there called known_hosts. This file contains the key fingerprints for catherine. If we talk to other hosts later, then they will get added here too.
Do the same from catherine to make sure all the folders are set up correctly on that side too.

Generate a public and private key pair and save them to william.pub and william respectively.

Note: The -N option allows you to specify a passphrase. If you do, then each time you need to use the private key you’ll have to enter the passphrase in order to decrypt it for use. Using an extra passphrase here will mean we won’t be able to make it automatic and our dreams of automating our backups will be gone :(

Now that we have the keys for william we’ll transfer the public key over to catherine.

scp william.pub root@catherine:~/.ssh/

When william.pub arrives on catherine it’ll look something like:

ssh-dss AAAAB3N……f1Jew== root@william

Make sure that the last part (root@william) is accessible, i.e. can you ping william from catherine? If you can’t, then you can edit the william.pub file and change it to root@10.0.0.1, where 10.0.0.1 is the IP address or name of william.

catherine must have a file containing all the public keys that it is authorised to use. This file is called ~root/.ssh/authorized_keys so add william.pub to the end of it.

cat william.pub >> authorized_keys

or if you have lots to do:

cat *.pub >> authorized_keys

Now you can log into catherine from william without entering a password, you just need to specify your local private key identity file:

ssh -i william root@catherine

If you don’t want to specify the local private file on the command line all the time you can rename william to the default name of id_dsa:

mv william id_dsa

then try to login:

ssh root@catherine

Here’s a tip if you are using virtual machines. If you set it all up so that you can log into yourself and then make a clone, both machines will have the same keys. They will be able to log into each other because, due to the same public and private keys, they think they are logging into themselves.

This is excellent if you are creating lots of clones for test or development environments because they can all log into each other without passwords without any extra work from you.
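
The step that adds william.pub to authorized_keys on catherine, written as a re-runnable shell function. This is an added example, not part of the original post: the function name install_pubkey and the dummy key line are assumptions, and it goes slightly beyond the plain cat by setting the directory and file modes and skipping a key that is already installed.

```shell
#!/bin/sh
# Added example: idempotent version of `cat william.pub >> authorized_keys`.
# install_pubkey PUBFILE SSH_DIR   (hypothetical helper name)
#   PUBFILE - one-line OpenSSH public key, e.g. william.pub
#   SSH_DIR - .ssh directory on the receiving host, e.g. /root/.ssh
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Accept exactly one public-key line. A private key file passed by
    # mistake has several lines and is rejected here.
    [ "$(grep -c '' "$pub")" -eq 1 ] \
        || { echo "expected exactly one line in $pub" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" \
        || { echo "$pub is not an OpenSSH public key" >&2; return 1; }

    # sshd's StrictModes (on by default) ignores keys kept in a directory
    # or file that other users can write to, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the existing file does not end in a newline, add one so the new
    # key does not get glued onto the previous entry.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"

    # Append only if this exact line is absent (-x whole line, -F fixed
    # string), so repeating the step never duplicates the key.
    grep -qxF "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# Constructed demo in a scratch directory; the key body is a dummy value.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACBdummy== root@william\n' > "$tmp/william.pub"
    install_pubkey "$tmp/william.pub" "$tmp/dot-ssh" &&
    install_pubkey "$tmp/william.pub" "$tmp/dot-ssh" &&
    grep -c '' "$tmp/dot-ssh/authorized_keys"   # key lines after two installs
    rm -rf "$tmp"
}
demo
```

On catherine the call would be install_pubkey ~/.ssh/william.pub ~/.ssh after the scp step.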